Hello Netskope community members!
For those of you who ever wondered what the "Blocked Events" dialog from the Netskope Client is actually tracking - I'll try to explain in a couple of words.
In the Steering Configuration Exceptions (Settings > Security Cloud Platform > Steering Configuration > tenant config > Exceptions) you will find the exceptions that are active for your specific tenant configuration. By default, they are filled up with exceptions that we know can be useful because of TLS decryption issues (certificate pinned apps). Note that these exceptions usually are configured with action "Bypass".
Once you change this action from "Bypass" to "Block" - that's when you tell the client not to Bypass these connection attempts, but actually block them from establishing on the client. And we have no means to track that in the NewEdge DP, since the connection will never reach us as it's already blocked locally. So we will then track them in the Blocked Events in the client on the device itself:
I hope you now understand what events are tracked for which reason in the "Blocked Events" in the context menu of the nsclient.
Feel free to comment if you have any remarks!